GDPR Compliance Policy
Effective Date: September 2025
- Purpose & Scope:
This policy explains how Key & Eagle Digital Media Ltd., (“we”, “our”, “us”) collects, uses,
stores and protects personal data in line with the UK General Data Protection Regulation
(UK GDPR), the EU GDPR and the Data Protection Act 2018.
It applies to all personal data processed by the company in any format, whether digital
or physical, and covers our directors, employees, contractors, clients and suppliers.
- Data We Collect:
We may collect and process the following personal data:
- Names, job titles and business contact details
- Email addresses and telephone numbers
- Postal addresses (business or personal, where applicable)
- Payment and invoicing details
- Website usage data, such as IP address, browser type and operating system
- Photos, videos and other media containing identifiable individuals
- Other personal data voluntarily provided during projects or correspondence
- Data Collected by Third Parties:
Key and Eagle cannot guarantee data collected by third parties. Third parties include,
but are not limited to:
- Information collected by plugins that are installed on the website
- Data collected by our clients that own the website
- Lawful Basis for Processing:
We process personal data under one or more of the following lawful bases:
- Contractual necessity – To fulfil our obligations in providing services or receiving goods.
- Consent – Where required, especially for marketing or use of images.
- Legitimate interests – For the operation and growth of our business, provided these interests do not override the rights of the individual.
- Legal obligation – Where we are required to process data to comply with the law.
- How We Use Personal Data:
Personal data may be used for:
- Providing and managing our services
- Communicating with clients and suppliers
- Processing payments and invoices
- Marketing and promotional purposes (with consent where required)
- Managing website analytics and improving user experience
- Storing project files, including creative assets containing identifiable individuals
- Data Storage & Security:
We store personal data securely using:
- Encrypted storage systems
- Password-protected devices and accounts
- Secure payment processing providers
- Regular software updates and security checks
Only authorised personnel have access to personal data
- Data Sharing & Transfers:
We do not sell personal data. We may share data with:
- Service providers and subcontractors (e.g., hosting companies, payment
processors)
- Professional advisors (e.g., accountants, legal counsel)
- Regulatory or law enforcement authorities where required by law
If we transfer data outside the UK/EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
- Data Retention:
We retain personal data only as long as necessary for the purposes collected:
- Client project data – typically up to 12 months after project completion
- Financial records – 6 years, as required by law
- Marketing data – until consent is withdrawn or it is no longer required
- Data Subject Rights:
Under the GDPR, individuals have the right to:
- Access their personal data
- Request correction or deletion of their data
- Restrict or object to certain processing activities
- Data portability (transfer of their data)
- Withdraw consent where processing is based on consent
Requests should be sent to our Data Protection Contact (see Section 11)
- Data Breach Procedures:
If a personal data breach occurs, we will:
- Investigate and contain the breach immediately
- Assess the risk to individuals’ rights and freedoms
- Notify the Information Commissioner’s Office (ICO) within 72 hours, if required
- Inform affected individuals without undue delay where the breach is likely to result in high risk
- Contact Details:
For questions about this policy or to exercise your rights, contact:
Data Protection Officer: Simon Bailey
Email: simon@ keyandeagle.com
Postal Address: Key & Eagle Digital Media Ltd, The Old Workshop, 12b Kennerleys Lane,
Wilmslow, SK9 5EQ, UK